2 * NTP client/server, based on OpenNTPD 3.9p1
4 * Author: Adam Tkac <vonsch@gmail.com>
6 * Licensed under GPLv2, see file LICENSE in this source tree.
9 #include <netinet/ip.h> /* For IPTOS_LOWDELAY definition */
10 #include <sys/resource.h> /* setpriority */
11 #ifndef IPTOS_LOWDELAY
12 # define IPTOS_LOWDELAY 0x10
16 /* Sync to peers every N secs */
17 #define INTERVAL_QUERY_NORMAL 30
18 #define INTERVAL_QUERY_PATHETIC 60
19 #define INTERVAL_QUERY_AGRESSIVE 5
21 /* Bad if *less than* TRUSTLEVEL_BADPEER */
22 #define TRUSTLEVEL_BADPEER 6
23 #define TRUSTLEVEL_PATHETIC 2
24 #define TRUSTLEVEL_AGRESSIVE 8
25 #define TRUSTLEVEL_MAX 10
27 #define QSCALE_OFF_MIN 0.05
28 #define QSCALE_OFF_MAX 0.50
30 /* Single query might take N secs max */
31 #define QUERYTIME_MAX 15
32 /* Min offset for settime at start. "man ntpd" says it's 128 ms */
33 #define STEPTIME_MIN_OFFSET 0.128
47 NTP_MSGSIZE_NOAUTH
= 48,
48 NTP_MSGSIZE
= (NTP_MSGSIZE_NOAUTH
+ 4 + NTP_DIGESTSIZE
),
52 uint8_t m_status
; /* status of local clock and leap info */
53 uint8_t m_stratum
; /* stratum level */
54 uint8_t m_ppoll
; /* poll value */
55 int8_t m_precision_exp
;
56 s_fixedpt_t m_rootdelay
;
57 s_fixedpt_t m_dispersion
;
59 l_fixedpt_t m_reftime
;
60 l_fixedpt_t m_orgtime
;
61 l_fixedpt_t m_rectime
;
62 l_fixedpt_t m_xmttime
;
64 uint8_t m_digest
[NTP_DIGESTSIZE
];
73 VERSION_MASK
= (7 << 3),
77 /* Leap Second Codes (high order two bits of m_status) */
78 LI_NOWARNING
= (0 << 6), /* no warning */
79 LI_PLUSSEC
= (1 << 6), /* add a second (61 seconds) */
80 LI_MINUSSEC
= (2 << 6), /* minus a second (59 seconds) */
81 LI_ALARM
= (3 << 6), /* alarm condition */
84 MODE_RES0
= 0, /* reserved */
85 MODE_SYM_ACT
= 1, /* symmetric active */
86 MODE_SYM_PAS
= 2, /* symmetric passive */
87 MODE_CLIENT
= 3, /* client */
88 MODE_SERVER
= 4, /* server */
89 MODE_BROADCAST
= 5, /* broadcast */
90 MODE_RES1
= 6, /* reserved for NTP control message */
91 MODE_RES2
= 7, /* reserved for private use */
94 #define OFFSET_1900_1970 2208988800UL /* 1970 - 1900 in seconds */
99 //UNUSED: double d_error;
107 #define NUM_DATAPOINTS 8
109 len_and_sockaddr
*p_lsa
;
111 /* When to send new query (if p_fd == -1)
112 * or when receive times out (if p_fd >= 0): */
113 time_t next_action_time
;
115 uint8_t p_datapoint_idx
;
116 uint8_t p_trustlevel
;
119 datapoint_t p_datapoint
[NUM_DATAPOINTS
];
128 /* Insert new options above this line. */
129 /* Non-compat options: */
131 OPT_l
= (1 << 5) * ENABLE_FEATURE_NTPD_SERVER
,
136 /* total round trip delay to currently selected reference clock */
138 /* reference timestamp: time when the system clock was last set or corrected */
141 #if ENABLE_FEATURE_NTPD_SERVER
151 #define G_precision_exp -6
152 // int8_t precision_exp;
154 uint8_t time_was_stepped
;
155 uint8_t first_adj_done
;
157 #define G (*ptr_to_globals)
159 static const int const_IPTOS_LOWDELAY
= IPTOS_LOWDELAY
;
163 set_next(peer_t
*p
, unsigned t
)
165 p
->next_action_time
= time(NULL
) + t
;
173 p
= xzalloc(sizeof(*p
));
174 p
->p_lsa
= xhost2sockaddr(s
, 123);
175 p
->p_dotted
= xmalloc_sockaddr2dotted_noport(&p
->p_lsa
->u
.sa
);
177 p
->p_xmt_msg
.m_status
= MODE_CLIENT
| (NTP_VERSION
<< 3);
178 p
->p_trustlevel
= TRUSTLEVEL_PATHETIC
;
179 p
->next_action_time
= time(NULL
); /* = set_next(p, 0); */
181 llist_add_to(&G
.ntp_peers
, p
);
189 gettimeofday(&tv
, NULL
); /* never fails */
190 return (tv
.tv_sec
+ 1.0e-6 * tv
.tv_usec
+ OFFSET_1900_1970
);
194 d_to_tv(double d
, struct timeval
*tv
)
196 tv
->tv_sec
= (long)d
;
197 tv
->tv_usec
= (d
- tv
->tv_sec
) * 1000000;
201 lfp_to_d(l_fixedpt_t lfp
)
204 lfp
.int_partl
= ntohl(lfp
.int_partl
);
205 lfp
.fractionl
= ntohl(lfp
.fractionl
);
206 ret
= (double)lfp
.int_partl
+ ((double)lfp
.fractionl
/ UINT_MAX
);
212 sfp_to_d(s_fixedpt_t sfp
)
215 sfp
.int_parts
= ntohs(sfp
.int_parts
);
216 sfp
.fractions
= ntohs(sfp
.fractions
);
217 ret
= (double)sfp
.int_parts
+ ((double)sfp
.fractions
/ USHRT_MAX
);
222 #if ENABLE_FEATURE_NTPD_SERVER
227 lfp
.int_partl
= (uint32_t)d
;
228 lfp
.fractionl
= (uint32_t)((d
- lfp
.int_partl
) * UINT_MAX
);
229 lfp
.int_partl
= htonl(lfp
.int_partl
);
230 lfp
.fractionl
= htonl(lfp
.fractionl
);
238 sfp
.int_parts
= (uint16_t)d
;
239 sfp
.fractions
= (uint16_t)((d
- sfp
.int_parts
) * USHRT_MAX
);
240 sfp
.int_parts
= htons(sfp
.int_parts
);
241 sfp
.fractions
= htons(sfp
.fractions
);
249 unsigned interval
, r
;
250 interval
= INTERVAL_QUERY_PATHETIC
* QSCALE_OFF_MAX
/ QSCALE_OFF_MIN
;
251 r
= (unsigned)rand() % (unsigned)(interval
/ 10);
252 return (interval
+ r
);
257 const struct sockaddr
*from
, const struct sockaddr
*to
, socklen_t addrlen
,
258 msg_t
*msg
, ssize_t len
)
264 ret
= sendto(fd
, msg
, len
, MSG_DONTWAIT
, to
, addrlen
);
266 ret
= send_to_from(fd
, msg
, len
, MSG_DONTWAIT
, to
, from
, addrlen
);
269 bb_perror_msg("send failed");
276 send_query_to_peer(peer_t
*p
)
278 // Why do we need to bind()?
279 // See what happens when we don't bind:
281 // socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 3
282 // setsockopt(3, SOL_IP, IP_TOS, [16], 4) = 0
283 // gettimeofday({1259071266, 327885}, NULL) = 0
284 // sendto(3, "xxx", 48, MSG_DONTWAIT, {sa_family=AF_INET, sin_port=htons(123), sin_addr=inet_addr("10.34.32.125")}, 16) = 48
285 // ^^^ we sent it from some source port picked by kernel.
286 // time(NULL) = 1259071266
287 // write(2, "ntpd: entering poll 15 secs\n", 28) = 28
288 // poll([{fd=3, events=POLLIN}], 1, 15000) = 1 ([{fd=3, revents=POLLIN}])
289 // recv(3, "yyy", 68, MSG_DONTWAIT) = 48
290 // ^^^ this recv will receive packets to any local port!
292 // Uncomment this and use strace to see it in action:
293 #define PROBE_LOCAL_ADDR // { len_and_sockaddr lsa; lsa.len = LSA_SIZEOF_SA; getsockname(p->query.fd, &lsa.u.sa, &lsa.len); }
297 len_and_sockaddr
*local_lsa
;
299 family
= p
->p_lsa
->u
.sa
.sa_family
;
300 p
->p_fd
= fd
= xsocket_type(&local_lsa
, family
, SOCK_DGRAM
);
301 /* local_lsa has "null" address and port 0 now.
302 * bind() ensures we have a *particular port* selected by kernel
303 * and remembered in p->p_fd, thus later recv(p->p_fd)
304 * receives only packets sent to this port.
307 xbind(fd
, &local_lsa
->u
.sa
, local_lsa
->len
);
309 #if ENABLE_FEATURE_IPV6
310 if (family
== AF_INET
)
312 setsockopt(fd
, IPPROTO_IP
, IP_TOS
, &const_IPTOS_LOWDELAY
, sizeof(const_IPTOS_LOWDELAY
));
317 * Send out a random 64-bit number as our transmit time. The NTP
318 * server will copy said number into the originate field on the
319 * response that it sends us. This is totally legal per the SNTP spec.
321 * The impact of this is two fold: we no longer send out the current
322 * system time for the world to see (which may aid an attacker), and
323 * it gives us a (not very secure) way of knowing that we're not
324 * getting spoofed by an attacker that can't capture our traffic
325 * but can spoof packets from the NTP server we're communicating with.
327 * Save the real transmit timestamp locally.
329 p
->p_xmt_msg
.m_xmttime
.int_partl
= rand();
330 p
->p_xmt_msg
.m_xmttime
.fractionl
= rand();
331 p
->p_xmttime
= gettime1900d();
333 if (do_sendto(p
->p_fd
, /*from:*/ NULL
, /*to:*/ &p
->p_lsa
->u
.sa
, /*addrlen:*/ p
->p_lsa
->len
,
334 &p
->p_xmt_msg
, NTP_MSGSIZE_NOAUTH
) == -1
338 set_next(p
, INTERVAL_QUERY_PATHETIC
);
343 bb_error_msg("sent query to %s", p
->p_dotted
);
344 set_next(p
, QUERYTIME_MAX
);
350 /* Time is stepped only once, when the first packet from a peer is received.
353 step_time_once(double offset
)
361 if (G
.time_was_stepped
)
363 G
.time_was_stepped
= 1;
365 /* if the offset is small, don't step, slew (later) */
366 if (offset
< STEPTIME_MIN_OFFSET
&& offset
> -STEPTIME_MIN_OFFSET
)
369 gettimeofday(&tv
, NULL
); /* never fails */
370 dtime
= offset
+ tv
.tv_sec
;
371 dtime
+= 1.0e-6 * tv
.tv_usec
;
374 if (settimeofday(&tv
, NULL
) == -1)
375 bb_perror_msg_and_die("settimeofday");
378 strftime_YYYYMMDDHHMMSS(buf
, sizeof(buf
), &tval
);
380 bb_error_msg("setting clock to %s (offset %fs)", buf
, offset
);
382 for (item
= G
.ntp_peers
; item
!= NULL
; item
= item
->link
) {
383 peer_t
*p
= (peer_t
*) item
->data
;
384 p
->next_action_time
-= (time_t)offset
;
388 if (option_mask32
& OPT_q
)
393 /* Time is periodically slewed when we collect enough
397 compare_offsets(const void *aa
, const void *bb
)
399 const peer_t
*const *a
= aa
;
400 const peer_t
*const *b
= bb
;
401 if ((*a
)->update
.d_offset
< (*b
)->update
.d_offset
)
403 return ((*a
)->update
.d_offset
> (*b
)->update
.d_offset
);
406 updated_scale(double offset
)
410 if (offset
> QSCALE_OFF_MAX
)
412 if (offset
< QSCALE_OFF_MIN
)
413 return QSCALE_OFF_MAX
/ QSCALE_OFF_MIN
;
414 return QSCALE_OFF_MAX
/ offset
;
420 double offset_median
;
424 peer_t
**peers
= xzalloc(sizeof(peers
[0]) * G
.peer_cnt
);
425 unsigned goodpeer_cnt
= 0;
428 for (item
= G
.ntp_peers
; item
!= NULL
; item
= item
->link
) {
429 peer_t
*p
= (peer_t
*) item
->data
;
430 if (p
->p_trustlevel
< TRUSTLEVEL_BADPEER
)
432 if (!p
->update
.d_good
) {
436 peers
[goodpeer_cnt
++] = p
;
439 if (goodpeer_cnt
== 0) {
444 qsort(peers
, goodpeer_cnt
, sizeof(peers
[0]), compare_offsets
);
446 middle
= goodpeer_cnt
/ 2;
447 if (middle
!= 0 && (goodpeer_cnt
& 1) == 0) {
448 offset_median
= (peers
[middle
-1]->update
.d_offset
+ peers
[middle
]->update
.d_offset
) / 2;
449 G
.rootdelay
= (peers
[middle
-1]->update
.d_delay
+ peers
[middle
]->update
.d_delay
) / 2;
450 G
.stratum
= 1 + MAX(peers
[middle
-1]->update
.d_stratum
, peers
[middle
]->update
.d_stratum
);
452 offset_median
= peers
[middle
]->update
.d_offset
;
453 G
.rootdelay
= peers
[middle
]->update
.d_delay
;
454 G
.stratum
= 1 + peers
[middle
]->update
.d_stratum
;
456 G
.leap
= peers
[middle
]->update
.d_leap
;
457 G
.refid4
= peers
[middle
]->update
.d_refid4
;
459 #if ENABLE_FEATURE_IPV6
460 peers
[middle
]->p_lsa
->u
.sa
.sa_family
!= AF_INET
?
463 peers
[middle
]->p_lsa
->u
.sin
.sin_addr
.s_addr
;
466 //TODO: if (offset_median > BIG) step_time(offset_median)?
468 G
.scale
= updated_scale(offset_median
);
470 bb_error_msg("adjusting clock by %fs, our stratum is %u, time scale %u",
471 offset_median
, G
.stratum
, G
.scale
);
474 d_to_tv(offset_median
, &tv
);
475 if (adjtime(&tv
, &tv
) == -1)
476 bb_perror_msg_and_die("adjtime failed");
478 bb_error_msg("old adjust: %d.%06u", (int)tv
.tv_sec
, (unsigned)tv
.tv_usec
);
480 if (G
.first_adj_done
) {
481 uint8_t synced
= (tv
.tv_sec
== 0 && tv
.tv_usec
== 0);
482 if (synced
!= G
.synced
) {
484 bb_error_msg("clock is %ssynced", synced
? "" : "un");
487 G
.first_adj_done
= 1;
489 G
.reftime
= gettime1900d();
492 for (item
= G
.ntp_peers
; item
!= NULL
; item
= item
->link
) {
493 peer_t
*p
= (peer_t
*) item
->data
;
494 p
->update
.d_good
= 0;
499 update_peer_data(peer_t
*p
)
502 * Find the datapoint with the lowest delay.
503 * Use that as the peer update.
504 * Invalidate it and all older ones.
510 for (i
= 0; i
< NUM_DATAPOINTS
; i
++) {
511 if (p
->p_datapoint
[i
].d_good
) {
513 if (best
< 0 || p
->p_datapoint
[i
].d_delay
< p
->p_datapoint
[best
].d_delay
)
518 if (good
< 8) //FIXME: was it meant to be NUM_DATAPOINTS, not 8?
521 p
->update
= p
->p_datapoint
[best
]; /* struct copy */
524 for (i
= 0; i
< NUM_DATAPOINTS
; i
++)
525 if (p
->p_datapoint
[i
].d_rcv_time
<= p
->p_datapoint
[best
].d_rcv_time
)
526 p
->p_datapoint
[i
].d_good
= 0;
530 scale_interval(unsigned requested
)
532 unsigned interval
, r
;
533 interval
= requested
* G
.scale
;
534 r
= (unsigned)rand() % (unsigned)(MAX(5, interval
/ 10));
535 return (interval
+ r
);
538 recv_and_process_peer_pkt(peer_t
*p
)
542 double T1
, T2
, T3
, T4
;
544 datapoint_t
*datapoint
;
546 /* We can recvfrom here and check from.IP, but some multihomed
547 * ntp servers reply from their *other IP*.
548 * TODO: maybe we should check at least what we can: from.port == 123?
550 size
= recv(p
->p_fd
, &msg
, sizeof(msg
), MSG_DONTWAIT
);
552 bb_perror_msg("recv(%s) error", p
->p_dotted
);
553 if (errno
== EHOSTUNREACH
|| errno
== EHOSTDOWN
554 || errno
== ENETUNREACH
|| errno
== ENETDOWN
555 || errno
== ECONNREFUSED
|| errno
== EADDRNOTAVAIL
558 //TODO: always do this?
559 set_next(p
, error_interval());
565 if (size
!= NTP_MSGSIZE_NOAUTH
&& size
!= NTP_MSGSIZE
) {
566 bb_error_msg("malformed packet received from %s", p
->p_dotted
);
570 if (msg
.m_orgtime
.int_partl
!= p
->p_xmt_msg
.m_xmttime
.int_partl
571 || msg
.m_orgtime
.fractionl
!= p
->p_xmt_msg
.m_xmttime
.fractionl
576 if ((msg
.m_status
& LI_ALARM
) == LI_ALARM
577 || msg
.m_stratum
== 0
578 || msg
.m_stratum
> NTP_MAXSTRATUM
580 // TODO: stratum 0 responses may have commands in 32-bit m_refid field:
581 // "DENY", "RSTR" - peer does not like us at all
582 // "RATE" - peer is overloaded, reduce polling freq
583 interval
= error_interval();
584 bb_error_msg("reply from %s: not synced, next query in %us", p
->p_dotted
, interval
);
589 * From RFC 2030 (with a correction to the delay math):
591 * Timestamp Name ID When Generated
592 * ------------------------------------------------------------
593 * Originate Timestamp T1 time request sent by client
594 * Receive Timestamp T2 time request received by server
595 * Transmit Timestamp T3 time reply sent by server
596 * Destination Timestamp T4 time reply received by client
598 * The roundtrip delay and local clock offset are defined as
600 * delay = (T4 - T1) - (T3 - T2); offset = ((T2 - T1) + (T3 - T4)) / 2
603 T2
= lfp_to_d(msg
.m_rectime
);
604 T3
= lfp_to_d(msg
.m_xmttime
);
607 datapoint
= &p
->p_datapoint
[p
->p_datapoint_idx
];
609 datapoint
->d_offset
= ((T2
- T1
) + (T3
- T4
)) / 2;
610 datapoint
->d_delay
= (T4
- T1
) - (T3
- T2
);
611 if (datapoint
->d_delay
< 0) {
612 bb_error_msg("reply from %s: negative delay %f", p
->p_dotted
, datapoint
->d_delay
);
613 interval
= error_interval();
614 set_next(p
, interval
);
617 //UNUSED: datapoint->d_error = (T2 - T1) - (T3 - T4);
618 datapoint
->d_rcv_time
= (time_t)(T4
- OFFSET_1900_1970
); /* = time(NULL); */
619 datapoint
->d_good
= 1;
621 datapoint
->d_leap
= (msg
.m_status
& LI_MASK
);
622 //UNUSED: datapoint->o_precision = msg.m_precision_exp;
623 //UNUSED: datapoint->o_rootdelay = sfp_to_d(msg.m_rootdelay);
624 //UNUSED: datapoint->o_rootdispersion = sfp_to_d(msg.m_dispersion);
625 //UNUSED: datapoint->d_refid = ntohl(msg.m_refid);
626 datapoint
->d_refid4
= msg
.m_xmttime
.fractionl
;
627 //UNUSED: datapoint->o_reftime = lfp_to_d(msg.m_reftime);
628 //UNUSED: datapoint->o_poll = msg.m_ppoll;
629 datapoint
->d_stratum
= msg
.m_stratum
;
631 if (p
->p_trustlevel
< TRUSTLEVEL_PATHETIC
)
632 interval
= scale_interval(INTERVAL_QUERY_PATHETIC
);
633 else if (p
->p_trustlevel
< TRUSTLEVEL_AGRESSIVE
)
634 interval
= scale_interval(INTERVAL_QUERY_AGRESSIVE
);
636 interval
= scale_interval(INTERVAL_QUERY_NORMAL
);
638 set_next(p
, interval
);
640 /* Every received reply which we do not discard increases trust */
641 if (p
->p_trustlevel
< TRUSTLEVEL_MAX
) {
643 if (p
->p_trustlevel
== TRUSTLEVEL_BADPEER
)
644 bb_error_msg("peer %s now valid", p
->p_dotted
);
648 bb_error_msg("reply from %s: offset %f delay %f, next query in %us", p
->p_dotted
,
649 datapoint
->d_offset
, datapoint
->d_delay
, interval
);
652 //TODO: do it after all peers had a chance to return at least one reply?
653 step_time_once(datapoint
->d_offset
);
655 p
->p_datapoint_idx
++;
656 if (p
->p_datapoint_idx
>= NUM_DATAPOINTS
)
657 p
->p_datapoint_idx
= 0;
660 /* We do not expect any more packets from this peer for now.
661 * Closing the socket informs kernel about it.
662 * We open a new socket when we send a new query.
670 #if ENABLE_FEATURE_NTPD_SERVER
672 recv_and_process_client_pkt(void /*int fd*/)
677 len_and_sockaddr
*to
;
678 struct sockaddr
*from
;
680 uint8_t query_status
;
682 l_fixedpt_t query_xmttime
;
684 to
= get_sock_lsa(G
.listen_fd
);
685 from
= xzalloc(to
->len
);
687 size
= recv_from_to(G
.listen_fd
, &msg
, sizeof(msg
), MSG_DONTWAIT
, from
, &to
->u
.sa
, to
->len
);
688 if (size
!= NTP_MSGSIZE_NOAUTH
&& size
!= NTP_MSGSIZE
) {
693 bb_perror_msg_and_die("recv");
695 addr
= xmalloc_sockaddr2dotted_noport(from
);
696 bb_error_msg("malformed packet received from %s: size %u", addr
, (int)size
);
701 query_status
= msg
.m_status
;
702 query_ppoll
= msg
.m_ppoll
;
703 query_xmttime
= msg
.m_xmttime
;
705 /* Build a reply packet */
706 memset(&msg
, 0, sizeof(msg
));
707 msg
.m_status
= G
.synced
? G
.leap
: LI_ALARM
;
708 msg
.m_status
|= (query_status
& VERSION_MASK
);
709 msg
.m_status
|= ((query_status
& MODE_MASK
) == MODE_CLIENT
) ?
710 MODE_SERVER
: MODE_SYM_PAS
;
711 msg
.m_stratum
= G
.stratum
;
712 msg
.m_ppoll
= query_ppoll
;
713 msg
.m_precision_exp
= G_precision_exp
;
714 rectime
= gettime1900d();
715 msg
.m_xmttime
= msg
.m_rectime
= d_to_lfp(rectime
);
716 msg
.m_reftime
= d_to_lfp(G
.reftime
);
717 //msg.m_xmttime = d_to_lfp(gettime1900d()); // = msg.m_rectime
718 msg
.m_orgtime
= query_xmttime
;
719 msg
.m_rootdelay
= d_to_sfp(G
.rootdelay
);
720 version
= (query_status
& VERSION_MASK
); /* ... >> VERSION_SHIFT - done below instead */
721 msg
.m_refid
= (version
> (3 << VERSION_SHIFT
)) ? G
.refid4
: G
.refid
;
723 /* We reply from the local address packet was sent to,
724 * this makes to/from look swapped here: */
725 do_sendto(G
.listen_fd
,
726 /*from:*/ &to
->u
.sa
, /*to:*/ from
, /*addrlen:*/ to
->len
,
735 /* Upstream ntpd's options:
737 * -4 Force DNS resolution of host names to the IPv4 namespace.
738 * -6 Force DNS resolution of host names to the IPv6 namespace.
739 * -a Require cryptographic authentication for broadcast client,
740 * multicast client and symmetric passive associations.
741 * This is the default.
742 * -A Do not require cryptographic authentication for broadcast client,
743 * multicast client and symmetric passive associations.
744 * This is almost never a good idea.
745 * -b Enable the client to synchronize to broadcast servers.
747 * Specify the name and path of the configuration file,
748 * default /etc/ntp.conf
749 * -d Specify debugging mode. This option may occur more than once,
750 * with each occurrence indicating greater detail of display.
752 * Specify debugging level directly.
754 * Specify the name and path of the frequency file.
755 * This is the same operation as the "driftfile FILE"
756 * configuration command.
757 * -g Normally, ntpd exits with a message to the system log
758 * if the offset exceeds the panic threshold, which is 1000 s
759 * by default. This option allows the time to be set to any value
760 * without restriction; however, this can happen only once.
761 * If the threshold is exceeded after that, ntpd will exit
762 * with a message to the system log. This option can be used
763 * with the -q and -x options. See the tinker command for other options.
765 * Chroot the server to the directory jaildir. This option also implies
766 * that the server attempts to drop root privileges at startup
767 * (otherwise, chroot gives very little additional security).
768 * You may need to also specify a -u option.
770 * Specify the name and path of the symmetric key file,
771 * default /etc/ntp/keys. This is the same operation
772 * as the "keys FILE" configuration command.
774 * Specify the name and path of the log file. The default
775 * is the system log file. This is the same operation as
776 * the "logfile FILE" configuration command.
777 * -L Do not listen to virtual IPs. The default is to listen.
779 * -N To the extent permitted by the operating system,
780 * run the ntpd at the highest priority.
782 * Specify the name and path of the file used to record the ntpd
783 * process ID. This is the same operation as the "pidfile FILE"
784 * configuration command.
786 * To the extent permitted by the operating system,
787 * run the ntpd at the specified priority.
788 * -q Exit the ntpd just after the first time the clock is set.
789 * This behavior mimics that of the ntpdate program, which is
790 * to be retired. The -g and -x options can be used with this option.
791 * Note: The kernel time discipline is disabled with this option.
793 * Specify the default propagation delay from the broadcast/multicast
794 * server to this client. This is necessary only if the delay
795 * cannot be computed automatically by the protocol.
797 * Specify the directory path for files created by the statistics
798 * facility. This is the same operation as the "statsdir DIR"
799 * configuration command.
801 * Add a key number to the trusted key list. This option can occur
804 * Specify a user, and optionally a group, to switch to.
807 * Add a system variable listed by default.
808 * -x Normally, the time is slewed if the offset is less than the step
809 * threshold, which is 128 ms by default, and stepped if above
810 * the threshold. This option sets the threshold to 600 s, which is
811 * well within the accuracy window to set the clock manually.
812 * Note: since the slew rate of typical Unix kernels is limited
813 * to 0.5 ms/s, each second of adjustment requires an amortization
814 * interval of 2000 s. Thus, an adjustment as much as 600 s
815 * will take almost 14 days to complete. This option can be used
816 * with the -g and -q options. See the tinker command for other options.
817 * Note: The kernel time discipline is disabled with this option.
820 /* By doing init in a separate function we decrease stack usage
823 static NOINLINE
void ntp_init(char **argv
)
831 bb_error_msg_and_die(bb_msg_you_must_be_root
);
834 opt_complementary
= "dd:p::"; /* d: counter, p: list */
835 opts
= getopt32(argv
,
837 "p:"IF_FEATURE_NTPD_SERVER("l") /* NOT compat */
839 "46aAbgL", /* compat, ignored */
841 if (!(opts
& (OPT_p
|OPT_l
)))
843 if (opts
& OPT_x
) /* disable stepping, only slew is allowed */
844 G
.time_was_stepped
= 1;
846 add_peers(llist_pop(&peers
));
847 if (!(opts
& OPT_n
)) {
848 bb_daemonize_or_rexec(DAEMON_DEVNULL_STDIO
, argv
);
849 logmode
= LOGMODE_NONE
;
851 #if ENABLE_FEATURE_NTPD_SERVER
854 G
.listen_fd
= create_and_bind_dgram_or_die(NULL
, 123);
855 socket_want_pktinfo(G
.listen_fd
);
856 setsockopt(G
.listen_fd
, IPPROTO_IP
, IP_TOS
, &const_IPTOS_LOWDELAY
, sizeof(const_IPTOS_LOWDELAY
));
859 /* I hesitate to set -20 prio. -15 should be high enough for timekeeping */
861 setpriority(PRIO_PROCESS
, 0, -15);
863 /* Set some globals */
865 /* With constant b = 100, G.precision_exp is also constant -6.
866 * Uncomment this and you'll see */
872 /* We can use sys_clock_getres but assuming 10ms tick should be fine */
873 clock_getres(CLOCK_REALTIME
, &tp
);
875 tp
.tv_nsec
= 10000000;
876 b
= 1000000000 / tp
.tv_nsec
; /* convert to Hz */
878 b
= 100; /* b = 1000000000/10000000 = 100 */
882 //G.precision_exp = prec;
883 bb_error_msg("G.precision_exp:%d", prec
); /* -6 */
888 bb_signals((1 << SIGTERM
) | (1 << SIGINT
), record_signo
);
889 bb_signals((1 << SIGPIPE
) | (1 << SIGHUP
), SIG_IGN
);
892 int ntpd_main(int argc UNUSED_PARAM
, char **argv
) MAIN_EXTERNALLY_VISIBLE
;
893 int ntpd_main(int argc UNUSED_PARAM
, char **argv
)
899 memset(&g
, 0, sizeof(g
));
900 SET_PTR_TO_GLOBALS(&g
);
905 /* if ENABLE_FEATURE_NTPD_SERVER, + 1 for listen_fd: */
906 unsigned cnt
= g
.peer_cnt
+ ENABLE_FEATURE_NTPD_SERVER
;
907 idx2peer
= xzalloc(sizeof(idx2peer
[0]) * cnt
);
908 pfd
= xzalloc(sizeof(pfd
[0]) * cnt
);
911 while (!bb_got_signal
) {
914 unsigned sent_cnt
, trial_cnt
;
916 time_t cur_time
, nextaction
;
918 /* Nothing between here and poll() blocks for any significant time */
920 cur_time
= time(NULL
);
921 nextaction
= cur_time
+ 3600;
924 #if ENABLE_FEATURE_NTPD_SERVER
925 if (g
.listen_fd
!= -1) {
926 pfd
[0].fd
= g
.listen_fd
;
927 pfd
[0].events
= POLLIN
;
931 /* Pass over peer list, send requests, time out on receives */
932 sent_cnt
= trial_cnt
= 0;
933 for (item
= g
.ntp_peers
; item
!= NULL
; item
= item
->link
) {
934 peer_t
*p
= (peer_t
*) item
->data
;
936 /* Overflow-safe "if (p->next_action_time <= cur_time) ..." */
937 if ((int)(cur_time
- p
->next_action_time
) >= 0) {
939 /* Time to send new req */
941 if (send_query_to_peer(p
) == 0)
944 /* Timed out waiting for reply */
947 timeout
= error_interval();
948 bb_error_msg("timed out waiting for %s, "
949 "next query in %us", p
->p_dotted
, timeout
);
950 if (p
->p_trustlevel
>= TRUSTLEVEL_BADPEER
) {
951 p
->p_trustlevel
/= 2;
952 if (p
->p_trustlevel
< TRUSTLEVEL_BADPEER
)
953 bb_error_msg("peer %s now invalid", p
->p_dotted
);
955 set_next(p
, timeout
);
959 if (p
->next_action_time
< nextaction
)
960 nextaction
= p
->next_action_time
;
963 /* Wait for reply from this peer */
965 pfd
[i
].events
= POLLIN
;
971 if ((trial_cnt
> 0 && sent_cnt
== 0) || g
.peer_cnt
== 0)
972 step_time_once(0); /* no good peers, don't wait */
974 timeout
= nextaction
- cur_time
;
978 /* Here we may block */
980 bb_error_msg("poll %us, sockets:%u", timeout
, i
);
981 nfds
= poll(pfd
, i
, timeout
* 1000);
985 /* Process any received packets */
987 #if ENABLE_FEATURE_NTPD_SERVER
988 if (g
.listen_fd
!= -1) {
989 if (pfd
[0].revents
/* & (POLLIN|POLLERR)*/) {
991 recv_and_process_client_pkt(/*g.listen_fd*/);
996 for (; nfds
!= 0 && j
< i
; j
++) {
997 if (pfd
[j
].revents
/* & (POLLIN|POLLERR)*/) {
999 recv_and_process_peer_pkt(idx2peer
[j
]);
1002 } /* while (!bb_got_signal) */
1004 kill_myself_with_sig(bb_got_signal
);